Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/03/2025, 17:31

General

  • Target

    Cracked LB-PHONE/setup.exe

  • Size

    17.7MB

  • MD5

    b841c3328c8c0b782dffa4b6bd6ddb36

  • SHA1

    06e94314de7a36c0710bcf6e051dd49a194ec796

  • SHA256

    62a2fdf7ed3833f9aeea8af9bdb438611ce44e90c9cf0f81a887f25bd1aabcec

  • SHA512

    5b550fedefa53eb34796ec1989882dfb37cafc84edfc94310267d47d6355b1a37fe084fba4d8cd5a2b7f1c63659d81fbf53b31afef2a31721ac0e4dcdbee2bc7

  • SSDEEP

    393216:FqPnLFXlrSQ8DOETgsvfGF+g1RLUDvEJVJY/VQq:8PLFXNSQhEpgJUoJAP

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cracked LB-PHONE\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Cracked LB-PHONE\setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:592
    • C:\Users\Admin\AppData\Local\Temp\Cracked LB-PHONE\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Cracked LB-PHONE\setup.exe"
      2⤵
      • Loads dropped DLL
      PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI5922\python310.dll

    Filesize

    1.4MB

    MD5

    69d4f13fbaeee9b551c2d9a4a94d4458

    SHA1

    69540d8dfc0ee299a7ff6585018c7db0662aa629

    SHA256

    801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

    SHA512

    8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

  • memory/2308-113-0x000007FEF5F50000-0x000007FEF63BE000-memory.dmp

    Filesize

    4.4MB